version: '3.4'
services:
  traefik:
    image: traefik:2.5.2
    container_name: traefik
    restart: always
    command:
      - "--api=true"
      - "--providers.docker=true"
      - "--providers.docker.network=${COMPOSE_PROJECT_NAME}_web"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--certificatesresolvers.traefik.acme.email=${ACME_EMAIL:?lost ACME_EMAIL variable}"
      - "--certificatesresolvers.traefik.acme.storage=/lets_encrypt/acme.json"
      - "--certificatesresolvers.traefik.acme.httpchallenge.entrypoint=web"
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.${DOMAIN:?lost DOMAIN variable}`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=ip-white,auth
      - traefik.http.middlewares.auth.basicauth.users=${HT_PASSWD:?lost HT_PASSWD variable}
      - traefik.http.middlewares.ip-white.ipwhitelist.sourcerange=${IP_FILTER:-0.0.0.0/0}
      - traefik.http.routers.api.tls.certresolver=traefik
      - traefik.http.routers.api.tls=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - lets_encrypt:/lets_encrypt
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - web

  loki:
    build:
      context: ./
      dockerfile: ./dockerfile
    image: loki:${VERSION:?lost VERSION variable}
    container_name: loki
    restart: always
    command: -config.file=/etc/loki/config.yml
    labels:
      - traefik.enable=true
      - traefik.http.services.loki.loadbalancer.server.port=3100
      - traefik.http.routers.loki.rule=Host(`${DOMAIN:?lost DOMAIN variable}`)
      - traefik.http.routers.loki.middlewares=auth-loki
      - traefik.http.middlewares.auth-loki.basicauth.users=${HT_PASSWD_LOKI:?lost HT_PASSWD_LOKI variable}
      - traefik.http.routers.loki.tls.certresolver=traefik
      - traefik.http.routers.loki.tls=true
    volumes:
      - ${LOKI_DB_DATA:?lost LOKI_DB_DATA variable}:/loki/
    ports:
      - "10.128.0.4:3100:3100"
    networks:
      - web

networks:
  web:
    driver: bridge
  local:
    driver: bridge

volumes:
  lets_encrypt:
